Branch: refs/heads/master
Home: https://github.com/jenkinsci/git-client-plugin
Commit: 883343de9f0ea1567b192510493d810e8cfa5419
https://github.com/jenkinsci/git-client-plugin/commit/883343de9f0ea1567b192510493d810e8cfa5419
Author: Mark Waite <mark.earl.wa...@gmail.com>
Date: 2019-09-06 (Fri, 06 Sep 2019)
Changed paths:
M src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java
Log Message:
-----------
Options should precede operands to git commands
Commit: 04d2c155d19a37ae28ffe2345e0e2ccd96556b07
https://github.com/jenkinsci/git-client-plugin/commit/04d2c155d19a37ae28ffe2345e0e2ccd96556b07
Author: Mark Waite <mark.earl.wa...@gmail.com>
Date: 2019-09-06 (Fri, 06 Sep 2019)
Changed paths:
A src/test/java/org/jenkinsci/plugins/gitclient/GitClientSecurityTest.java
Log Message:
-----------
Add SECURITY-1534 tests
Commit: 899123fa2eb9dd2c37137aae630c47c6be6b4b02
https://github.com/jenkinsci/git-client-plugin/commit/899123fa2eb9dd2c37137aae630c47c6be6b4b02
Author: Mark Waite <mark.earl.wa...@gmail.com>
Date: 2019-09-06 (Fri, 06 Sep 2019)
Changed paths:
M src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java
Log Message:
-----------
[SECURITY-1534] Prevent remote execution by repo URL
SECURITY-1534 reports that user input in the repository URL field is not
validated sufficiently. A carefully crafted value in the URL field can
allow a user with Job administration permissions to execute an arbitrary
program on the Jenkins master.
Sanity check the values passed as repository URL to the ls-remote and
fetch commands so that user entered data cannot execute arbitrary programs
on the Jenkins master.
Use -Dorg.jenkinsci.plugins.gitclient.CliGitAPIImpl.checkRemoteURL=false
to disable URL checking.
Commit: 701c12c1b40d509fddbdf547818baf483b57415d
https://github.com/jenkinsci/git-client-plugin/commit/701c12c1b40d509fddbdf547818baf483b57415d
Author: Mark Waite <mark.earl.wa...@gmail.com>
Date: 2019-09-07 (Sat, 07 Sep 2019)
Changed paths:
M src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java
M src/test/java/org/jenkinsci/plugins/gitclient/GitClientSecurityTest.java
Log Message:
-----------
Test with remote URL checking enabled and disabled
Randomize remote check test, test a subset for speed.
Don't assert expected message when testing with remote URL checks
disabled. The assertion messages come from command line git and vary
depending on the version of git installed on the computer. Not reliable
across multiple git versions.
Ignore marker file existence in some tests
If a test has remote URL checking disabled, then it is expected that
some cases will allow the marker file to be created. Only check for
the marker file when running with remote URL checking enabled.
Commit: ce1b99ec62038466ee40401894bcd99901934f59
https://github.com/jenkinsci/git-client-plugin/commit/ce1b99ec62038466ee40401894bcd99901934f59
Author: Mark Waite <mark.earl.wa...@gmail.com>
Date: 2019-09-09 (Mon, 09 Sep 2019)
Changed paths:
M pom.xml
Log Message:
-----------
[maven-release-plugin] prepare release git-client-2.8.5
Commit: 7d5e0b388ee4a264556c56718571caddcf793b44
https://github.com/jenkinsci/git-client-plugin/commit/7d5e0b388ee4a264556c56718571caddcf793b44
Author: Mark Waite <mark.earl.wa...@gmail.com>
Date: 2019-09-09 (Mon, 09 Sep 2019)
Changed paths:
M pom.xml
Log Message:
-----------
[maven-release-plugin] prepare for next development iteration
Commit: 6b93d1460e4e066bb487076365e3358b75852dbc
https://github.com/jenkinsci/git-client-plugin/commit/6b93d1460e4e066bb487076365e3358b75852dbc
Author: Mark Waite <mark.earl.wa...@gmail.com>
Date: 2019-09-12 (Thu, 12 Sep 2019)
Changed paths:
M src/test/java/org/jenkinsci/plugins/gitclient/GitAPITestCase.java
Log Message:
-----------
Ignore getAllLogEntries test result
The getAllLogEntries method is deprecated. Its test depends on precise
output ordering of the git command
git log --all origin/master
The ordering is different between command line git and JGit when two
commits happen in the same second. JGit ordering is incorrect, since
it should be able to resolve the predecessor and successor
relationship from the relationship between the parent and child
commits. However, that difference is consistently there in JGit 4.5
and in JGit 5.4.
The getAllLogEntries method in this API is deprecated and its output is
questionable, whether from JGit or command line git. Not valuable enough
to spend more time on it. I would have deleted the test completely but is
is easier and clearer to document when a test result is ignored rather
than to risk someone introducing a test again without knowing why the
output of the deprecated method is unreliable.
Commit: 065b14c12cad4f4c357096e97db12d15e85bc058
https://github.com/jenkinsci/git-client-plugin/commit/065b14c12cad4f4c357096e97db12d15e85bc058
Author: Mark Waite <mark.earl.wa...@gmail.com>
Date: 2019-09-12 (Thu, 12 Sep 2019)
Changed paths:
M src/test/java/org/jenkinsci/plugins/gitclient/GitAPITestCase.java
Log Message:
-----------
Really ignore getAllLogEntries test result
Commit: 55a5ac9210500022ad329f3a726fb1a566cff536
https://github.com/jenkinsci/git-client-plugin/commit/55a5ac9210500022ad329f3a726fb1a566cff536
Author: Mark Waite <mark.earl.wa...@gmail.com>
Date: 2019-09-12 (Thu, 12 Sep 2019)
Changed paths:
M src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java
M src/test/java/org/jenkinsci/plugins/gitclient/GitAPITestCase.java
A src/test/java/org/jenkinsci/plugins/gitclient/GitClientSecurityTest.java
Log Message:
-----------
Merge branch 'stable-2.8'
Compare:
https://github.com/jenkinsci/git-client-plugin/compare/0da8540fbe04...55a5ac921050
--
You received this message because you are subscribed to the Google Groups
"Jenkins Commits" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jenkinsci-commits+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-commits/jenkinsci/git-client-plugin/push/refs/heads/master/0da854-55a5ac%40github.com.
